Businesses with over 6,000 data records face a higher risk of economic loss without adequate cyber security defences in place, according to a cyber security and risk mitigation company, NCC Group. It looked into the average cost of cyber security across multiple sectors in one year, including staff, hardware and software, against the average UK cost of a single data breach, which is £120 per record, according to The Ponemon Institute in the United States.
NCC found a theoretical cut-off point at which the cost of a single breach exceeded this cyber security cost, which occurred where businesses held between 5,000 and 6,000 records. It also found that the higher the turnover of a business, the higher the average cost of a data breach, with the average loss rising from £1.5m to £10m for companies with a turnover between £5m and £9.9m, and over £50m respectively.
However, this analysis found that the likelihood and cost of a data breach varied between sectors, with 61pc, about six in ten, of local government bodies, 10pc of central government organisations, and 18pc of utilities companies reporting a breach between the first quarter of 2016 and the same quarter in 2017. The healthcare sector faced the highest breach cost per record, with each breached record costing organisations £267 on average. While businesses in the marketing sector had the lowest chance of a breach, with only one in 25,000 UK business reporting a breach during the same period.
Comment
Nick Dunn, managing security consultant at Manchester-based NCC Group, said: “Of course, implementing robust cyber security measures is vital for businesses of every size and in every industry, particularly with GDPR coming into force next month which is likely to raise breach costs to higher levels than before.
“This analysis demonstrates that cyber resilience when it comes to the security of sensitive data needs to be a priority for all businesses, and it is important to note that this analysis only takes into account the impact of one data breach. Even though one breach alone can cause a lot of damage, organisations should also have solid procedures and cyber incident response plans in case they face repeated attacks. With the amount of sensitive data held by organisations only increasing in size, it is crucial for all businesses to ensure that they have considered every possibility and taken tangible steps towards enhancing their security posture.”
Visit https://www.nccgroup.trust/uk/.
